Summer 2020 Product Release

01.Sep.2020
Learn about the new product features or watch the video highlight of our Summer release to help you manage vulnerabilities more effectively and automate security hygiene across the full technology stack with less effort.
seasonal-product-release

Watch the Summer Product Release updates video

 

 

Announcements

Cloudsec Inspect Container Inspection as a Beta

We have added Container Inspection for Docker Private Registries and AWS Elastic Container Registries. This is currently still in beta stage and is only available to limited customers.  Should you wish to join the beta program, please contact your Outpost24 Account Manager. 

Container inspection allows you to check for vulnerabilities in the containers themselves.  It works by connecting to the private registry, downloads all the containers and analyses them and the composition for complete container security.  .

Future Changes to How We Report Some Network Security Findings

As we continually improve our scan engine and the ways we report findings, we also collaborate with customers who provide valuable feedback on how we report certain findings to ensure that we can provide the best possible information, tied to the highest accuracy we can achieve. We also want to ensure we remove all possible confusion from findings and how we find them.

Based on feedback from a large number of customers, we are working towards refactoring the way we report the port number for what we term Implied Vulnerabilities where we may not be able to authenticate with the Operating System, but we can use other information gathered to make accurate assumptions.

For example, we enumerated the version of Windows based on another service (HTTP, SNMP etc.) we would, by default, report the finding as TCP 445, because that is how you would find it on Windows, or TCP 22 for Linux. The problem has been that this port may not be available, and so we had the potential to cause some confusion if we reported findings on TCP 445, but that port was not seen in the port scan phase.

To overcome this confusion, we are changing this from reporting the assumed port number to instead read Generic.

We are working towards ensuring that this change has as little impact on your current workflows as possible, and how we can ensure the continuation of Accepted Risks and False Positives across this change. Further updates will be provided during the completion of this change. 
 

Update to the Database Integration Library

We have upgraded the libraries used for integrating with MySQL when used within the Event Notifications. We now support MySQL versions 5.6, 5.7, and 8.0.

If you are using the integration into MySQL, please ensure that you are using one of the supported versions.
 

New Features

Portal

  • Added further widgets to the Dashboard in the Portal. This is currently still in beta and is only available to limited customers.  Should you wish to join the beta program, please contact your Account Manager. 

Network security

  • If you have multiple Windows Domains, and Windows workstations could be a member of any of those domains, it is now possible to add multiple sets of SMB credentials to a single scan policy.  

Agents

  • Our Agents capability runs vulnerability scanning to support remote working and this has been extended to support Fedora Linux 32, Windows 10 and Debian 10.

Bug Fixes and Minor Improvements

Portal

  • Improved detection for phpMyAdmin. 
  • Improved detection for Wordpress versions. 
  • Improved detection for XSS attacks. 
  • Improved detection for Blind and reflected SQL injection attacks. 
  • Made improvements to the way Scale detects vulnerabilities resulting in more accurate findings being presented. 

Network security

  • Improved detection for Horde IMP. 
  • Added detection for CVE-2020-3452 (Cisco ASA/FTD web services flaw). 
  • Added detection for CVE-2020-17496 (vBulletin unauthenticated remote code execution). 
  • Fixed an issue that prevented scans started where the Global/Last checks was enabled on the scan policy. 
  • Fixed a bug that prevented users stretching the maintaining targets window in the Outscan UI. 
  • Fixed an issue with Outscan internal that prevented help information showing when selecting the help option. 
  • Fixed a rare issue in report summary's that resulted in High/Medium/Low issues showing 0 when applying specific filters. 
  • Improved detection for "Unencrypted Remote Authentication Available - RPC". 
  • Improved detection for phpMyAdmin. 
  • Improved detection for Wordpress versions. 
  • Improved detection for MikroTik RouterOS. 

Agents

  • Fixed an issue with the call home frequency that prevented it being reset to the default value. 
  • Fixed an issue where the Agent may stop calling home until the next Agent restart 
  • Fixed an issue when signing log files 

MSSP Platform

  • Fixed a rare bug that prevented installation of packages on HIABs when certain custom encryption keys were used. 

End of Life Announcement

Elastic Workload Protector (EWP)

  • Official End of Life date: 30 September 2020. 
  • Official End of Support date: 31 December 2020.

 

 

Contact customer support

Looking for anything in particular?

Type your search word here